Hi!
I'm using OpenVZ 2.6.16-026test015 and it works very well besides some little problems with iptables...
Is there any possibility to use the ipt_mac module in a VE?
I need to block network packages by MAC addresses inside a VE...
For example, I only want to block MAC 00:11:22:33:44:55 in veth101.0 and allow those packages from the above MAC in veth102.0...
Prefiltering network packages inside the hardware node is not possible (in my opinion), because of the hardware constellation (bridge):
......./--- Wireless Interface (ath0)
bridge0---- Virtual Interface 1 (veth101.0)
'''''''\--- Virtual Interface 2 (veth102.0)
It works fine in the hardware node only but fails loading in the virtual node:
/etc/vz# vzctl enter 101
Warning: Unknown iptable module: ipt_mac, skipped
Warning: Unknown iptable module: xt_mac, skipped
entered into VPS 101
root@vn01:/# iptables -A INPUT -m mac --mac-source 00:11:22:33:44:55 -j DROP
iptables: No chain/target/match by that name
vz.conf:
[...snip...]
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_mac xt_mac"
Thanks for some hints or tricks
bye
MeMu
[Updated on: Tue, 01 August 2006 15:26]